5. Packaging, compression, and search commands

1. tar command

The tar command is used to package and compress files or to decompress them; its format is "tar [options] [file]".

In general, "tar -czvf archive-name.tar.gz directory-to-package" packages and compresses the specified files; the corresponding decompression command is "tar -xzvf archive-name.tar.gz". Let us walk through packaging with compression and then decompression, one at a time. First, use the tar command to package the /etc directory, compress it in gzip format, and name the file etc.tar.gz. The command is as follows:

# tar czvf etc.tar.gz /etc

Then extract the packaged archive into the /root/etc directory (first create the /root/etc directory with the mkdir command):
# mkdir /root/etc
# tar xzvf etc.tar.gz -C /root/etc

2. grep command

The grep command searches text for a keyword and displays the matching results; its format is "grep [options] [file]". The grep parameters and their effects are shown in the table.

Table: grep command parameters and their effects

Parameter   Effect
-b          Search an executable (binary) file as if it were a text file
-c          Display only the number of lines found
-i          Ignore case
-n          Show line numbers
-v          Invert the selection: list only the lines that do not contain the keyword

grep is the most widely used text search and matching tool. It has many parameters, but most of them are rarely needed. The writing principle of this book, "remove what is not practical", which teacher Liu Trent proposed after summing up nearly 10 years of experience in operations and maintenance work and in teaching and training, is definitely not lip service. If an IT trainer can only stay at the level of a "porter of technology" and cannot refine and summarize high-quality technical knowledge, that is not a good thing for their students. Here we cover only the two most commonly used parameters: -n displays the line numbers of the matched lines; -v inverts the selection (that is, it lists all lines that do not contain the keyword). These two parameters can cover almost 80 percent of your future work needs. As for the hundreds of other parameters, even if you run into them later at work, it is not too late to look them up with the man grep command.

On Linux systems, the /etc/passwd file holds all user information, and once a user's login shell is set to /sbin/nologin, that user is no longer allowed to log in to the system. You can therefore use the grep command to list all users on the current system that are not allowed to log in:

[root@linuxprobe ~]# grep /sbin/nologin /etc/passwd
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
………………part of the output omitted………………
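
The account check above, combined with the -n and -v parameters, as an added example that is not part of the original page: it lists the passwd entries that still have a login shell and reports any that are not on an expected list. The function names and sample entries are constructed, and treating /usr/sbin/nologin and /bin/false as no-login shells alongside /sbin/nologin is an assumption.

```shell
#!/bin/sh
# Added example. Function names and the sample data are constructed.

# Constructed entries in /etc/passwd format (not from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
linuxprobe:x:1000:1000:linuxprobe:/home/linuxprobe:/bin/bash
svc-backup:x:1001:1001::/home/svc-backup:/bin/sh
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
EOF
}

# interactive_accounts FILE
# Print "line:user:shell" for each entry whose shell is not a no-login shell.
interactive_accounts() {
    # -v inverts the match, -n prefixes the line number, -E enables the
    # alternation. Shells other than /sbin/nologin are an assumption.
    grep -n -v -E ':(/sbin/nologin|/usr/sbin/nologin|/bin/false)$' "$1" |
        awk -F: '{ print $1 ":" $2 ":" $NF }'
}

# unexpected_logins FILE ALLOWED_USER...
# Print "user shell" for login-capable accounts not named in the allow list.
unexpected_logins() {
    file=$1
    shift
    interactive_accounts "$file" | while IFS=: read -r lineno user shell; do
        for ok in "$@"; do
            if [ "$user" = "$ok" ]; then continue 2; fi
        done
        printf '%s %s\n' "$user" "$shell"
    done
}
```

On a live system, call it as `unexpected_logins /etc/passwd root linuxprobe`, listing the accounts that are supposed to be able to log in.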
 

3. find command

The find command searches for files that match specified conditions; its format is "find [search path] search-conditions action".

This book has said many times that "everything in Linux is a file", and now we get to see the weight of that sentence. On Linux, searching is usually done with the find command, which can use different file characteristics as search conditions (such as file name, size, modification time, and permissions). Once a match succeeds, the result is printed to the screen by default. The find parameters and their effects are shown in the table.

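Table: find command parameters and their effects

Parameter             Effect
-name                 Match by name
-perm                 Match by permissions (mode is an exact match, -mode means the permissions include mode)
-user                 Match by owner
-group                Match by group
-mtime -n +n          Match by the time the content was modified (-n means within n days, +n means more than n days ago)
-atime -n +n          Match by the time the file was accessed (-n means within n days, +n means more than n days ago)
-ctime -n +n          Match by the time the file's permissions were modified (-n means within n days, +n means more than n days ago)
-nouser               Match files that have no owner
-nogroup              Match files that have no group
-newer f1 !f2         Match files that are newer than file f1 but older than f2
-type b/d/c/p/l/f     Match by file type (the letters denote, in order, block device, directory, character device, pipe, link file, text file)
-size                 Match by file size (+50KB finds files larger than 50KB, -50KB finds files smaller than 50KB)
-prune                Ignore a directory
-exec …… {}\;         May be followed by a command that further processes the search results (demonstrated below)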

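The important role of the -exec parameter deserves a detailed explanation here. This parameter hands the results found by the find command to the command that immediately follows it for further processing. It is very similar to the pipe technique that will be explained in Chapter 3, and because of the find command's special requirements for parameters, exec takes only a single minus sign (-) even though it is in long format.

According to the Filesystem Hierarchy Standard, configuration files in a Linux system are stored in the /etc directory (see Chapter 6). To get a list of all files in that directory whose names begin with host, run the following command:

[root@linuxprobe ~]# find /etc -name "host*" -print
/etc/avahi/hosts
/etc/host.conf
/etc/hosts
/etc/hosts.allow
/etc/hosts.deny
/etc/selinux/targeted/modules/active/modules/hostname.pp
/etc/hostname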

To search the entire system for all files whose permissions include SUID (see Chapter 5), simply use -4000:

[root@linuxprobe ~]# find / -perm -4000 -print
/usr/bin/fusermount
/usr/bin/su
/usr/bin/umount
/usr/bin/passwd
/usr/sbin/userhelper
/usr/sbin/usernetctl
………………part of the output omitted………………
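
An added example, not from the original page, that turns the SUID search above into a repeatable audit: it records a SHA-256 inventory of SUID files using -perm -4000 together with -exec, then reports files that are new or changed relative to a saved baseline. The function names and the baseline path are hypothetical; sha256sum and the -xdev option are assumed to be available (GNU coreutils and findutils).

```shell
#!/bin/sh
# Added example: SUID inventory and drift check. Function names are hypothetical.

# suid_inventory ROOT
# Print "sha256  path" for every regular file under ROOT with the SUID bit set.
suid_inventory() {
    # -xdev        stay on ROOT's filesystem (skips /proc, /sys, other mounts)
    # -perm -4000  mode includes the SUID bit, whatever the other bits are
    # -exec ... +  hand the matches to sha256sum in batches
    find "$1" -xdev -type f -perm -4000 -exec sha256sum {} + 2>/dev/null |
        LC_ALL=C sort -k2
}

# suid_drift ROOT BASELINE
# Print inventory lines that are not in BASELINE: SUID files that are new, or
# whose contents no longer match the recorded hash. Prints nothing if clean.
suid_drift() {
    # -F fixed strings, -x whole-line match, -v keep lines NOT in the baseline
    suid_inventory "$1" | grep -vxFf "$2" || :
}

# Typical use (as root, so every directory can be read):
#   suid_inventory / > /root/suid.baseline    # once, on a known-good system
#   suid_drift / /root/suid.baseline          # later, review anything printed
```

A file that lost its SUID bit or was deleted does not appear in the drift output; comparing in the other direction (baseline lines missing from the current inventory) covers that case.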

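Advanced exercise: find all files in the entire file system that belong to the linuxprobe user and copy them to the /root/findresults directory.

The key to this exercise is the "-exec {} \;" parameter, where {} stands for each file found by the find command, and the command must end with "\;". The specific command for this exercise is as follows:

[root@linuxprobe ~]# find / -user linuxprobe -exec cp -a {} /root/findresults/ \;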
Origin www.cnblogs.com/doudou3680/p/11932221.html